Permission to view all indices and create dashboards

I am looking to give permission SAML user to read all indices and I have done the following:

  1. assign the following permissions with role indices_viewer
  2. Confirm role mapping is setup

However users are still getting 403, what is the next step of troubleshooting?

  "indices_viewer" : {
    "cluster" : [ ],
    "indices" : [
        "names" : [
        "privileges" : [
        "field_security" : {
          "grant" : [
          "except" : [ ]
        "allow_restricted_indices" : false
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true


Try looking at the network requests that are getting 403s in your browser debugger. They'll usually have a message in the response that gives clues as to what permissions are missing and needed.

Hope that helps!


That role does not appear to have access to Kibana.
Are you encountering the 403 error while logging into Kibana? If so, that is a likely cause.

Sorry, I was not specific enough after re-reading my post.

The user are able to login but they are not seeing any indices. The users also have kibana_admin in addition to the above custom role.

However, they are still getting 403 on the dashboards. Is there a built-in user permission to able to read all indices?

PUT _security/role_mapping/CLOUD_SAML_TO_KIBANA_ADMIN
  "enabled": true,
  "roles": [
    "rules": { "all" : [ 
        { "field": { "": "okta-realm" } }, 
        { "field": { "groups": "elastic-cloud" } }
  "metadata": {
    "version": 1

In which case the issue is almost certainly with your role mapping to the indices_viewer role. Tat role is correctly set up to grant read access to all indices, but it doesn't look like your users are being assigned the role.

Thanks @TimV

The users have roles mapped to kibana_admin and indices_viewer. They can login but not able to see any indices or dashboard from the indices.

So it looks like the roles mapping is not working. Is it possible to see their roles from my account? GET /_security/_authenticate/ doesn't work from my account as I can only see my permissions.

I confirmed the user are getting indices_viewer but still cannot see any indices or dashboard(cluster health dashboard for instance). So it looks like this is role permission rather?

GET /_security/_authenticate/
  "username" : "",
  "roles" : [

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.